laminas-api-tools / api-tools-admin-ui

Laminas API Tools Admin UI module
https://api-tools.getlaminas.org/documentation
BSD 3-Clause "New" or "Revised" License

UI not working behind https? #7

Open weierophinney opened 4 years ago

weierophinney commented 4 years ago

It seems to me, the UI does not support HTTPS at the moment. It tries to load (some) .js and .css resources from unencrypted sources.

I’m aware one would only install/run the admin UI in dev environments, where you usually do not need encryption. However, we like to keep our dev-setup as close to production as possible, including TLS.

Our workaround for now is to disable HTTPS enforcement for /apigility URLs.


Originally posted by @intellent at https://github.com/zfcampus/zf-apigility-admin-ui/issues/131

weierophinney commented 4 years ago

What do you mean?

Sorry but you need to give us more details on it because it is crucial to reproduce the error. Disabling SSL is not a solution and does not involve the UI.

Please give us more info. (--verbose plz)


Originally posted by @colinkelly at https://github.com/zfcampus/zf-apigility-admin-ui/issues/131#issuecomment-256867965

weierophinney commented 4 years ago

Please close this issue as it has no relation to UI obviously...


Originally posted by @colinkelly at https://github.com/zfcampus/zf-apigility-admin-ui/issues/131#issuecomment-259370732

weierophinney commented 4 years ago

Hey @colinkelly, sorry for the late reply.

Let me provide more context to this issue.

I’m running ZF2 (with apigility-admin-ui) behind a reverse proxy. The reverse proxy also provides the TLS encryption. So basically my site runs at https://my-site.com.

However, if I try to open Apigility admin UI via https://my-site.com/apigility/ui#/ I get a nearly blank page, because it tries to load most resources from an insecure URL at http://my-site.com.

The issue—I guess—originates from here which—in my case—sets the base URL for Apigility admin UI to http://my-site.com instead of https://my-site.com.

Is this maybe an issue of ZF’s basePath() view helper?


Originally posted by @intellent at https://github.com/zfcampus/zf-apigility-admin-ui/issues/131#issuecomment-259378497

weierophinney commented 4 years ago

Happens when the servers are behind an LB as well. Mixed content is disabled and the UI blows up.

[image: apigility-ui-behind-ssl]


Originally posted by @ryne-andal at https://github.com/zfcampus/zf-apigility-admin-ui/issues/131#issuecomment-337320637

weierophinney commented 4 years ago

It's not an issue per se; the code is doing what it's supposed to.

What's happening is that the serverUrl() is auto-detecting the URI scheme and authority, but detecting the ones running on your proxied server. These are not the canonical versions, however, which is why everything blows up.

And this is why the serverUrl() helper allows you to provide the value.

What I'd do is modify your onBootstrap() listener in your Application module to register a listener that operates early (do a route listener at high priority):

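// In the Application module's Module class; requires `use Zend\Mvc\MvcEvent;`.
public function onBootstrap(MvcEvent $e)
{
    $app = $e->getApplication();
    $container = $app->getServiceManager();
    $events = $app->getEventManager();

    $events->attach(MvcEvent::EVENT_ROUTE, function (MvcEvent $e) use ($container) {
        $request = $e->getRequest();
        $uri = $request->getUri();
        $isSsl = strtolower($uri->getScheme()) === 'https';

        // Already detected as HTTPS: nothing to correct.
        if ($isSsl) {
            return;
        }

        // getHeaders() returns a header object (or the default, false), not a string,
        // so compare the header's field value rather than the object itself.
        $proxiedProto = $request->getHeaders('X-Forwarded-Proto', false);

        if (! $proxiedProto instanceof \Zend\Http\Header\HeaderInterface
            || 'https' !== strtolower($proxiedProto->getFieldValue())
        ) {
            return;
        }

        // Reduce the request URI to scheme and authority, with the scheme forced to https.
        $uri = clone $uri;
        $uri->setScheme('https');
        $uri->setPath('');
        $uri->setQuery('');
        $uri->setFragment('');

        // Seed the ServerUrl view helper with the canonical value.
        $renderer = $container->get(\Zend\View\Renderer\PhpRenderer::class);
        $plugin = $renderer->plugin('ServerUrl');
        $plugin((string) $uri);
    }, 1000);
}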

What this does is:


Originally posted by @weierophinney at https://github.com/zfcampus/zf-apigility-admin-ui/issues/131#issuecomment-337611912
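
The listener in the comment above acts on X-Forwarded-Proto whoever sends it. As an added example (not code from the thread or the project), the function below derives the same canonical URL only when the request comes from a known proxy and names an expected host; TRUSTED_PROXIES, CANONICAL_HOSTS, canonicalServerUrl() and the sample addresses are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical names and constructed values, not part of the project.
const TRUSTED_PROXIES = ['10.0.0.5'];     // address of the TLS-terminating proxy / LB
const CANONICAL_HOSTS = ['my-site.com'];  // public host names the site answers to

/**
 * Returns "https://host" when a trusted proxy reports that the client used
 * HTTPS, or null when the auto-detected server URL should be left alone.
 */
function canonicalServerUrl(array $server): ?string
{
    // Only the proxy may vouch for the scheme; a direct client can send any header.
    if (! in_array($server['REMOTE_ADDR'] ?? '', TRUSTED_PROXIES, true)) {
        return null;
    }

    $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    if ($proto !== 'https') {
        return null;
    }

    // The Host header is client-controlled as well, so match it against an allowlist.
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (! in_array($host, CANONICAL_HOSTS, true)) {
        return null;
    }

    return 'https://' . $host;
}

// Constructed requests: proxied HTTPS, a forwarded header sent directly, an unknown host.
$samples = [
    'via proxy'   => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'https', 'HTTP_HOST' => 'my-site.com'],
    'direct'      => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https', 'HTTP_HOST' => 'my-site.com'],
    'other host'  => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'https', 'HTTP_HOST' => 'other.example'],
];

foreach ($samples as $label => $server) {
    printf("%-11s => %s\n", $label, canonicalServerUrl($server) ?? '(keep auto-detected URL)');
}
```

Inside the route listener the same inputs are available from the request object, and a non-null result is the string to hand to the ServerUrl plugin.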

weierophinney commented 4 years ago

Thanks @weierophinney. I didn't expect any code changes for this since like you said, the code is correct. I appreciate the code example, it's a great solution.


Originally posted by @ryne-andal at https://github.com/zfcampus/zf-apigility-admin-ui/issues/131#issuecomment-337617117

weierophinney commented 4 years ago

Once again @weierophinney saves the day! Thanks mate. I'm glad this could help @intellent and @ryne-andal and others with the same issue.


Originally posted by @colinkelly at https://github.com/zfcampus/zf-apigility-admin-ui/issues/131#issuecomment-337748011